[BreachExchange] Misconfigured older Apache Airflow installations found leaking credentials

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Tue Oct 5 08:47:19 EDT 2021


https://siliconangle.com/2021/10/04/misconfigured-older-apache-airflow-installs-found-leaking-credentials/

Security researchers at cybersecurity firm Intezer Labs Ltd. have uncovered
misconfigurations in older versions of Apache Airflow that expose sensitive
information across major companies.

The researchers said today they found that the unsecured instances expose
sensitive information of companies across the media, finance,
manufacturing, information technology, biotech, e-commerce, health, energy,
cybersecurity and transportation industries.

Apache Airflow is an open-source workflow management platform that Airbnb
Inc. first designed in 2014 to manage the company’s workflows. The service
offers a plug-and-play platform for data engineers to visualize data
pipeline dependencies, progress, logs, code, trigger tasks and success
status.

The service has become popular, and therein lies the problem with the
misconfiguration of older versions used by many companies. The
misconfiguration can be found in Amazon Web Services Inc., Google Cloud
Platform, Stripe Inc., PayPal Holdings Inc., Binance Ltd. and Slack Inc.,
among others.

The researchers noted that exposing secrets such as user credentials can
cause data leakage or allow attackers to spread further in a system.
Customer data exposed as a result of a data leak can lead to a violation of
data protection laws and the possibility of legal action.

“This leak is extremely significant,” Jake Williams, co-founder and chief
technology officer at incident response company BreachQuest Inc., told
SiliconANGLE. “Unlike more traditional credential leaks that impact
individual user accounts, these credential leaks impact entire application
framework instances.”

Threat actors might use leaked credentials to compromise entire databases
containing sensitive user content, Williams explained. “In some cases,
threat actors might be able to use these credentials to compromise entire
application containers and/or run their own containers using a victim’s
billing information,” he said. “In short, while user information wasn’t
directly compromised through these leaks, they open the door to compromises
of user data in massive quantities.”

Hank Schless, senior manager, security solutions at endpoint-to-cloud
security company Lookout Inc., noted that the incident is concerning
because of the number and variety of cloud services that Airflow supports.
“As one of the most popular open-source solutions in the world, the effects
of the incident are far-reaching,” he said.